@article{ Author = {Abadi, M. and Burrows, M. and Lampson, B. and Plotkin, G.}, Title = {A Calculus for Access Control in Distributed Systems}, Volume = {15}, Number = {4}, Pages = {706-733}, Year = {1993} } @inproceedings{ Author = {Anderson, R. J.}, Title = {A Security Policy Model for Clinical Information Systems}, BookTitle = {1996 IEEE Symposium on Security and Privacy}, Publisher = {IEEE Computer Society Press}, Pages = {30-42}, Year = {1996} } @inproceedings{ Author = {Bertino, E. and Jajodia, S.}, Title = {Supporting Multiple Access Control Policies in Database Systems}, BookTitle = {1996 Symposium on Security and Privacy}, Publisher = {IEEE Computer Society Press}, Pages = {94-107}, Year = {1996} } @techreport{ Author = {Blaze, M. and Feigenbaum, J. and Lacy, J.}, Title = {Decentralized Trust Management}, Institution = {DIMACS Technical Report}, Note = {-}, Number = {96-17}, Year = {1996} } @inproceedings{ Author = {Blaze, M. and Feigenbaum, J. and Lacy, J.}, Title = {Decentralized Trust Management}, Publisher = {IEEE Computer Society Press}, Pages = {164-173}, Note = {-}, Year = {1996} } @article{ Author = {Boswell, A.}, Title = {Specification and Validation of a Security Policy Model}, Volume = {21}, Number = {2}, Pages = {63-68}, Year = {1995} } @inproceedings{ Author = {Cholvy, Laurence and Cuppens, Frederic}, Title = {Analyzing Consistency of Security Policies}, BookTitle = {1997 IEEE Symposium on Security and Privacy}, Address= {Oakland, CA}, Publisher = {IEEE Computer Society Press}, Pages = {103-112}, Year = {1997} } @inproceedings{ Author = {Clark, D. D. and Wilson, D. R.}, Title = {A Comparison of Commercial and Military Computer Security Policies}, BookTitle = {Proceedings of the Symposium on Security and Privacy 1987}, Publisher = {IEEE Press}, Pages = {184-193}, Year = {1987} } @inproceedings{ Author = {Cuppens, F. and Saurel, C.}, Title = {Specifying a Security Policy: A Case Study}, BookTitle = {Proceedings of the 9th IEEE Computer Security Foundations Workshop}, Publisher = {IEEE Computer Society Press}, Pages = {123-134}, Year = {1996} } @inproceedings{ Author = {Dinolt, G. W. and Benzinger, L. A. and Yatabe, M. G.}, Title = {Combining Components and Policies}, BookTitle = {Proceedings of the Computer Security Foundations Workshop VII}, Address= {Los Alamitos, CA}, Publisher = {IEEE Computer Society Press}, Pages = {22-33}, Year = {1994} } @inproceedings{ Author = {Edjlali, Guy and Acharya, Anurag and Chaudhary, Vipin}, Title = {History-based Access-control for Mobile Code}, BookTitle = {Proceedings of the Fifth ACM Conference on Computer and Communications Security}, Address= {San Francisco, CA}, Publisher = {IEEE Computer Society Press}, Year = {1998} } @inproceedings{ Author = {Ford, W. R.}, Title = {Administration in a Multiple Policy/Domain Environment: The Administration and Melding of Disparate Policies}, Publisher = {IEEE Computer Society Press}, Pages = {42-51}, Note = {-}, Year = {1995} } @inproceedings{ Author = {Fraser, T. and Badger, L.}, Title = {Ensuring Continuity During Dynamic Security Policy Reconfiguration in DTE}, BookTitle = {1998 Symposium on Security and Privacy}, Address= {Oakland, CA}, Publisher = {IEEE Computer Society Press}, Pages = {15-26}, Year = {1998} } @inproceedings{ Author = {Freeman, J. W. and Neely, R. B. and Heckard, M. A.}, Title = {A Validated Security Policy Modeling Approach}, Publisher = {IEEE Computer Society Press}, Pages = {189-200}, Note = {-}, Year = {1994} } @inproceedings{ Author = {Giuri, L. and Iglio, P.}, Title = {A Formal Model for Role-Based Access Control with Constraints}, Publisher = {IEEE Computer Society Press}, Pages = {136-145}, Note = {-}, Year = {1996} } @inproceedings{ Author = {Gligor, V. D. and Gavrila, S. I. and Ferraiolo, D.}, Title = {On the Formal Definition of Separation-of-Duty Policies and their Composition}, BookTitle = {1998 Symposium on Security and Privacy}, Address= {Oakland, CA}, Publisher = {IEEE Computer Society Press}, Pages = {172-183}, Year = {1998} } @inproceedings{ Author = {Goguen, J. A. and Meseguer, J.}, Title = {Security Policies and Security Models}, BookTitle = {1982 Symposium on Security and Privacy}, Publisher = {IEEE Computer Society Press}, Pages = {11-20}, Year = {1982} } @inproceedings{ Author = {Goguen, J. A. and Meseguer, J.}, Title = {Unwinding the Inference Control}, BookTitle = {1984 Symposium on Security and Privacy}, Publisher = {IEEE Computer Society Press}, Pages = {75-85}, Year = {1984} } @inproceedings{ Author = {Guttman, J. D.}, Title = {Filtering Postures: Local Enforcement for Global Policies}, BookTitle = {1997 IEEE Symposium on Security and Privacy}, Address= {Oakland, CA}, Publisher = {IEEE Computer Society Press}, Pages = {120-129}, Note = {-}, Year = {1997} } @inproceedings{ Author = {Hamilton, D.}, Title = {Application Layer Security Requirements of a Medical Information System}, BookTitle = {15th National Computer Security Conference}, Address= {Baltimore Convention Center, Baltimore, MD}, Publisher = {National Institute of Standards and Technology/National Computer Security Center}, Pages = {9-17}, Year = {1992} } @inproceedings{ Author = {Hayton, R. J. and Bacon, J. M. and Moody, K.}, Title = {Access Control in an Open Distributed Environment}, BookTitle = {1998 Symposium on Security and Privacy}, Address= {Oakland, CA}, Publisher = {IEEE Computer Society Press}, Pages = {3-14}, Year = {1998} } @inproceedings{ Author = {Heydon, A. and Maimone, M. W. and Tygar, J. D. and Wing, J. M. and Zaremski, A. M.}, Title = {Miro Tools}, BookTitle = {1989 IEEE Workshop on Visual Languages}, Publisher = {IEEE Computer Society Press}, Pages = {86-91}, Year = {1989} } @article{ Author = {Heydon, Allan and Maimone, Mark W. and Tygar, J.D and Wing, Jeannette M. and Zaremski, Amy Moormann}, Title = {Miró: Visual Specification of Security}, Volume = {6}, Number = {10}, Pages = {1185-1197}, Year = {1990} } @inproceedings{ Author = {Heydon, Allan and Tygar, J.D.}, Title = {Specifying and Checking Unix Security Constraints}, BookTitle = {In UNIX Security Symposium III Proceedings}, Address= {Berkeley, CA}, Publisher = {USENIX Association}, Pages = {211-226}, Year = {1992} } @inproceedings{ Author = {Hoagland, J. and Patel, B.}, Title = {Specification and Application of Policies for Securing Communication}, BookTitle = {1998 USENIX Security Conference}, Pages = {submitted}, Year = {1998} } @techreport{ Author = {Hoagland, J. and Pandey, R. and Levitt, K. N.}, Title = {Security Policy Specification Using a Graphical Approach}, Institution = {University of California, Davis}, Number = {CSE-98-3}, Type = {Technical Report}, Year = {1998} } @inproceedings{ Author = {Jajodia, S. and Samarati, P. and Subrahmanian, V. S.}, Title = {A Logical Language for Expressing Authorizations}, Address= {Oakland, CA}, Pages = {31-42}, Year = {1997} } @inproceedings{ Author = {Kuhnhauser, W. E.}, Title = {A Paradigm for User-Defined Security Policies}, BookTitle = {1995 IEEE Symposium on Reliable Distribution of Systems}, Pages = {135-144}, Year = {1995} } @inproceedings{ Author = {Lampson, B.W.}, Title = {Protection}, BookTitle = {Proceedings of the 5th Symposium on Information Sciences and Systems}, Address= {Princeton University}, Year = {1971} } @inproceedings{ Author = {Maimone, M.W. and Tygar, J.D. and Wing, J.M.}, Title = {Miró Semantics for Security}, BookTitle = {1988 Workshop on Visual Languages}, Address= {Princeton University}, Pages = {45-51}, Year = {1988} } @inproceedings{ Author = {Michael, J. B. and Sibley, E. H. and Baum, R. F. and Wexelblat, R. L. and Li, Fu}, Title = {Experiments in Support of Policy Representation}, BookTitle = {Proceedings of the International Conference on Economics/Management and Information Technology}, Address= {Tokyo, Japan}, Publisher = {Japan Society for Management Information}, Pages = {323-326}, Year = {1992} } @inproceedings{ Author = {Michael, J. B. and Sibley, E. H. and Littman, D. C.}, Title = {Integration of Formal And Heuristic Reasoning as a Basis for Testing and Debugging Computer Security Policy}, BookTitle = {Proceedings of the New Security Paradigms Workshop}, Editor = {Michael, J. B. and Ashby, V. and Meadows, C.}, Address= {Los Alamitos, CA}, Publisher = {IEEE Computer Society Press}, Pages = {69-75}, Year = {1993} } @incollection{ Author = {Michael, J. B. and Sibley, E. H. and Baum, R. F. and Li, F.}, Title = {On the Axiomation of Security Policy: Some Tentative Observations About Logic Representation}, BookTitle = {Database Security, VI: Status and Prospects}, Editor = {Thuraisingham, B. M. and Landwehr, C. E.}, Publisher = {Elsevier Science Publishers}, Address = {North Holland}, Pages = {367-386}, Year = {1993} } @inproceedings{ Author = {Michael, J. B. and Sibley, E. H. and Lin, T. H.}, Title = {Designing and Maintaining Intelligent Vehicle Highway System Security Policy}, BookTitle = {Proceedings of the First World Congress on Applications of Transport Telematics and Intelligent Vehicle-Highway Systems}, Publisher = {Artech House}, Volume = {1}, Pages = {213-220}, Year = {1994} } @inproceedings{ Author = {Miller, D.V. and Baldwin, R.W.}, Title = {Access control by Boolean Expression Evaluation}, BookTitle = {Proceedings Fifth Annual Computer Security Applications Conference}, Address= {Tucson, AZ}, Publisher = {IEEE Computer Society Press}, Pages = {131-139}, Year = {1990} } @article{ Author = {Moffett, J. D. and Sloman, S.}, Title = {The Representation of Policies as System Objects}, Volume = {12}, Number = {2-3}, Pages = {171-184}, Note = {-}, Year = {1991} } @inproceedings{ Author = {Myers, A. C. and Liskov, B.}, Title = {Complete, Safe Information Flow with Decentralized Labels}, BookTitle = {1998 Symposium on Security and Privacy}, Address= {Oakland, CA}, Publisher = {IEEE Computer Society Press}, Pages = {186-197}, Year = {1998} } @inproceedings{ Author = {Peri, R. V. and Wulf, W. A.}, Title = {Formal Specification of Information Flow Security Policies and Their Enforcement in Security Critical Systems}, BookTitle = {Proceedings, the Computer Security Foundations Workshop VII}, Address= {Los Alamitos, CA}, Publisher = {IEEE Computer Society Press}, Pages = {118-125}, Year = {1994} } @inproceedings{ Author = {Peri, R. V. and Wulf, W. A. and Kienzle, D. M.}, Title = {A Logic of Composition for Information Flow Predicates}, BookTitle = {Proceedings of the 9th IEEE Computer Security Foundations Workshop}, Address= {Los Alamitos, CA}, Publisher = {IEEE Computer Society Press}, Pages = {82-94}, Year = {1996} } @inproceedings{ Author = {Polk, W. T.}, Title = {Approximating Clark-Wilson 'Access Triple' with Basic UNIX Controls}, BookTitle = {UNIX Security Symposium IV}, Publisher = {USENIX Association}, Pages = {145-154}, Note = {-}, Year = {} } @inproceedings{ Author = {Sandhu, Ravi S.}, Title = {The Typed Access Matrix Model}, BookTitle = {Proceedings of the 1992 IEEE Symposium on Security and Privacy}, Address= {Oakland, CA}, Publisher = {IEEE Press}, Pages = {122-136}, Year = {1992} } @article{ Author = {Sandhu, R. S.}, Title = {Lattice-Based Access Control Models}, Volume = {26}, Number = {11}, Pages = {9-19}, Note = {+}, Year = {1993} } @inproceedings{ Author = {Sandhu, R.S. and Coyne, E.J. and Feinstein, H.L. and Youman, C.E.}, Title = {Role-based access control: a multi-dimensional view}, BookTitle = {Proceedings of the 10th Annual Computer Security Applications Conference}, Address= {Orlando, FL}, Publisher = {IEEE Press}, Pages = {54-62}, Year = {1994} } @inproceedings{ Author = {Serban, C. and McMillin, B.}, Title = {Run-Time Security Evaluation (RTSE) for Distributed Applications}, BookTitle = {1996 IEEE Symposium on Security and Privacy}, Publisher = {IEEE Computer Society Press}, Pages = {222-232}, Note = {-}, Year = {1996} } @inproceedings{ Author = {Sibley, E. H. and Wexelblat, R. L. and Michael, J. B. and Tanner, M. C. and Littman, D. C.}, Title = {The Role of Policy in Requirements Definition}, BookTitle = {IEEE International Symposium on Requirements Engineering}, Address= {Los Alamitos, CA}, Publisher = {IEEE Computer Society Press}, Pages = {277-280}, Year = {1993} } @inproceedings{ Author = {Sinclair, J. and Ince, D.}, Title = {The Use of Z in Specifying Security Properties}, BookTitle = {Proceedings, 7th International Conference on : Putting into practice methods and tools for information system design}, Editor = {Habrias, H.}, Address= {Nantes, France}, Publisher = {IUT de NANTES}, Pages = {27-39}, Year = {1995} } @inproceedings{ Author = {Son, S. H. and Chaney, C. and Thomlinson, N. P.}, Title = {Partial Security Policies to Support Timeliness in Secure Real-time Databases}, BookTitle = {1998 Symposium on Security and Privacy}, Address= {Oakland, CA}, Publisher = {IEEE Computer Society Press}, Pages = {136-147}, Year = {1998} } @article{ Author = {Steinke, G.}, Title = {A Task-Based Approach to Implementing Computer Security}, Volume = {Fall}, Pages = {47-54}, Year = {1997} } @inproceedings{ Author = {Thompson, R. M.}, Title = {Security Policy, Requirements, and Verification}, BookTitle = {1992 URISA Proceedings}, Pages = {157-165}, Note = {-}, Year = {1992} } @inproceedings{ Author = {Tygar, J. D. and Wing, J. M.}, Title = {Visual Specification of Security Constraints}, BookTitle = {Proceedings of the 1987 Workshop on Visual Languages}, Publisher = {IEEE Computer Society Press}, Pages = {288-301}, Year = {1987} } @article{ Author = {Varadharajan, V. and Calvelli, C.}, Title = {An Access Control Model and its Use in Representing Mental Health Application Access Policy}, Volume = {8}, Number = {1}, Pages = {81-95}, Year = {1996} } @inproceedings{ Author = {Woo, T. Y. C. and Lam, S. S.}, Title = {Authorization in Distributed Systems: A Formal Approach}, BookTitle = {1992 IEEE Computer Society Symposium on Research in Security and Privacy}, Address= {Los Alamitos, CA}, Publisher = {IEEE Computer Society Press}, Pages = {33-50}, Year = {1992} } @inproceedings{ Author = {Zakinthinos, A. and Lee, E. S.}, Title = {A General Theory of Security Properties}, BookTitle = {1997 Symposium on Security and Policy}, Address= {Oakland, CA}, Publisher = {IEEE Computer Society Press}, Pages = {94-102}, Year = {1997} }